<?
// Turn off default error reporting
error_reporting(0);

//
// include configuration & functions file & error handling
$tmp = "config.inc.php";
include($tmp);

if ($cfg['httpd_mode'] != 'webcp') {
	$tmp = "functions.inc.phps";
	include($tmp);
}

$data = load_input_vars('data');

if (substr($data['filelocation'], 0, 5)!='/tmp/'
    || strpos($data['filelocation'], '../')!==false
	|| !verify_seal($data['seal'], $data['filelocation'])) {

	echo 'Access denied!';
    return;
}

if ($tf = fopen($data['filelocation'], "r")) {
	// Date in the past
	send_header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");

	// always modified
	send_header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");

	// HTTP/1.1
	send_header("Cache-Control: no-store, no-cache, must-revalidate");
	send_header("Cache-Control: post-check=0, pre-check=0", false);

	// HTTP/1.0
	send_header("Pragma: no-cache");

	// We'll be outputting $filetype
	send_header('Content-type: '.$data['filetype']);

	// It will be called $filename
	send_header('Content-Disposition: attachment; filename="'.$data['filename'].'"');

	/*while (!feof($tf)) {
		echo fread($tf, 1024);
	}*/
	fpassthru($tf);
	fclose($tf);
	if ($data['removefile'] == 'true') {
		unlink($data['filelocation']);
	}
} else {
	echo "error";
}
?>
